Feature added by: Sławomir Lach (Lachu)
Feature #323378, revision 1
Title: Sandboxing & desktop files
openSUSE Distribution: Unconfirmed
Priority Requester: Important
Requested by: Sławomir Lach (lachu)
Partner organization: openSUSE.org

Description:
Currently, Plasma 5/KDE asks for permission before running a desktop file that lacks the executable flag. The idea is to add a new button, "run in sandbox mode", if the desktop file contains the field need_access_to_directories. When the app is first run in sandbox mode, the system checks whether each directory listed in need_access_to_directories exists. If a directory does not exist, the system creates it. If it does exist, the system asks the user for permission to give the application access to that directory. If the user accepts that the application should have access to each existing directory in the list, the application launches (after the missing directories have been created). If the system does not need to create any directory, the app starts right away. But before the application starts, an AppArmor profile dedicated to the application is applied.

And there is a gap. There is probably no user-side AppArmor configuration script, because such scripts could be insecure. That is something to be changed. I don't know whether Desktop files allow inserting a script instead of a path to a script/ELF file, but the system should warn the user if a shell script is inserted in a Desktop file. An additional point: it would be useful if we could embed need_access_to_directories into ELF files.

Use Case:
Martin downloads Firefox as a tar archive, unpacks it and runs it by double-clicking the icon. Before launching Firefox, the system creates ~/.cache/mozilla/firefox, ~/.local/share/mozilla/firefox and ~/.config/mozilla/firefox. Firefox will only have access to these directories. If the application needs access to /home/martin, the system asks for permission before the first launch, because that directory already exists.

Business case (Partner benefit):
openSUSE.org: We need this to allow software vendors to deliver rules that make the user profile more secure, and also to let the system protect the user's home directory from malware.
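The first-launch policy described above, as an added illustration that is not part of the feature request or of any openSUSE code: it parses a constructed desktop file carrying the proposed need_access_to_directories field, creates the directories that are absent, asks for consent only for those that already exist (ask_user is a hypothetical stand-in for the dialog), and renders a minimal AppArmor profile limited to the granted directories.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample, modelled on the Firefox use case; the field name follows the proposal.
SAMPLE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Firefox
Exec=/home/martin/firefox/firefox
need_access_to_directories=~/.cache/mozilla/firefox;~/.local/share/mozilla/firefox;~/.config/mozilla/firefox
"""

def requested_dirs(desktop_text, home):
    """Return the Exec path and the listed directories as absolute paths under home."""
    cp = configparser.RawConfigParser()
    cp.optionxform = str  # desktop-file keys are case sensitive; keep them as written
    cp.read_string(desktop_text)
    entry = cp["Desktop Entry"]
    exec_path = entry["Exec"].split()[0]
    dirs = []
    for item in filter(None, entry.get("need_access_to_directories", "").split(";")):
        dirs.append(Path(home) / item[2:] if item.startswith("~/") else Path(item))
    return exec_path, dirs

def first_launch(desktop_text, home, ask_user):
    """Apply the proposed first-run policy: create missing dirs, ask about existing ones.
    ask_user(path) -> bool stands in for the permission dialog (hypothetical hook)."""
    exec_path, dirs = requested_dirs(desktop_text, home)
    granted = []
    for d in dirs:
        if not d.exists():
            d.mkdir(parents=True)        # absent: create it, no question asked
            granted.append(d)
        elif ask_user(d):                # present: only with explicit user consent
            granted.append(d)
    return exec_path, granted

def apparmor_profile(exec_path, granted):
    """Render a minimal AppArmor profile confining exec_path to the granted directories."""
    rules = "".join(f"  owner {d}/ rw,\n  owner {d}/** rw,\n" for d in granted)
    return f"{exec_path} {{\n  #include <abstractions/base>\n{rules}}}\n"

def demo():
    """Run the flow in a throwaway home where ~/.config/mozilla/firefox already exists."""
    home = Path(tempfile.mkdtemp())
    (home / ".config/mozilla/firefox").mkdir(parents=True)
    exec_path, granted = first_launch(SAMPLE_DESKTOP, home, ask_user=lambda d: False)
    return [str(d.relative_to(home)) for d in granted], apparmor_profile(exec_path, granted)
```

With consent refused for the pre-existing config directory, only the two freshly created directories end up in the profile.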
-- openSUSE Feature: https://features.opensuse.org/323378